THE MORAY COUNCIL CORPORATE RISK REGISTER Appendix... · Council corporate plan in place running through to 2017 linking the Moray 2023 plan with the council’s service planning

Page 1 of 15 Corporate Risk Register March 2016

APPENDIX 1

THE MORAY COUNCIL CORPORATE RISK REGISTER Date: March 2016

No.

RISK Threat to

achievement of business objective

Scope/ potential consequences of risk

Initial risk Risk control measures in

place

Residual risk Risk control activity now

proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

1. Political risks 1.1 Political priorities are

not achieved. • Manifesto priorities of

the Administration are not delivered.

• Financial constraints may impact on ability to deliver priorities.

• Lack of clarity as to council plans and outcomes.

• Minority administration unable to secure political support for policy initiatives

5 5 25 • Moray 2023 plan and associated prevention plan in place describing Community Planning priorities

• Council corporate plan in place running through to 2017 linking the Moray 2023 plan with the council’s service planning process

• Council and committees monitor progress on delivery of priorities.

4 4 16 • Community Planning Board to continue monitoring progress of plan and delivery of agreed targets.

• Plan targets to be revised and updated in 2026 plan with emphasis continuing on preventative measures reducing partner interventions and securing sustainable outcomes

• Address issues arising from the Audit Scotland best value follow up report on providing development opportunities for elected members

CMT

1.2 Effectiveness of decision making.

• A lack of clarity between members and officers functions and roles is apparent

• There is insufficient scrutiny of decision

5 4 20 • Roles and functions of senior councillors and senior officers clearly established. Senior officers held to account through

4 4 16 • Decision making to continue through Council and committees as appropriate, with reference to the Community Planning

CMT

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 4


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

making processes • Administration Group

does not have a majority

• Decisions do not fully consider statutory responsibilities of the Council.

Committee reporting arrangements

• Audit and Scrutiny Committee provides challenge

• Committee arrangements revised to meet changing needs

• A ‘Summary of Implications’ section is given in all committee reports to inform decision making processes.

• Community engagement strategy approved for application during 2016/17Suite of governance documents reviewed and updated

Board as required and through the Service Development Group and senior officer teams.

• Monitoring officer to maintain statutory role of ensuring legality of decision making processes.

• CMT/SMT to provide support and advice to members on sustainability of proposals.

)

1.3 Partnership working may lead to diminution of accountability and control and objectives are not delivered

• Poor value for money obtained from partnership arrangements.

• Performance expectations not delivered.

• Not all partners contribute as necessary

5 5 25 • Community Planning Board, Partnerships and Community Engagement Group in place

• Improvement Service led self-evaluation of community planning arrangements progressed

4 4 16 • CPP governance arrangements to be further developed with statutory partners

• Contractual partnerships continue to be reviewed as part of procurement process

• Partnership risk register to be updated in consultation

CE CD(CS) CE

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 5


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

• Partners lose confidence in ability to deliver.

• Public loses confidence in partners’ ability to deliver.

• Services are not delivered as expected

• Health and Social Care Integration Joint Board now established with separate governance arrangements Performance targets being monitored by Community Planning Board

with partners • Management of external

funding for projects delivered in partnership to be subject to enhanced scrutiny.

1.4 Economic regeneration not secured

• Impact on Housing, Schools and Revenue

• Expansion of economic development role

• Loss of relatively well paid jobs affecting services in the Community

• Loss of vibrancy • Competitiveness /

sustainability issues.

5 5 25 • Economic strategy published in conjunction with Moray Economic Partnership with short, medium and long term objectives.

• Process of quarterly monitoring reports to ED & I Committee established

• Local development plan finalised and approved

• Annual report on economic development published to raise awareness of the council’s involvement in this process

4 4 16 • Agreed priorities to continue to be scrutinised by Moray Economic Partnership –one programme per quarter

• Moray Economic Strategy being refreshed to ensure consistency between Scottish Government and Council economic priorities and outcomes to ensure links between economic strategy and Moray 2023 plan are maintained.

• Continue to raise staff awareness of the importance of economic regeneration.

• • Policy on developer

CD(ED&I)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 6


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

contributions to be reviewed

2. Financial risks 2.1 The current

economic climate places additional strain on the Council's resources

• Real terms reduction in grant funding to the Council.

• Capacity to secure savings and set a balanced budget not sustained.

• Greater incidence of job losses and indebtedness in the population impact on Council Services.

• May need to change budgetary priorities.

• Contractors (and their sub-contractors) more likely to fail leading to loss of supply

• Expectation that the Council will provide support for economic recovery.

• Budget reductions may impact disproportionately on disadvantaged individuals or communities.

5 5 25 • Financial Plan is reviewed and updated annually.

• Balanced budget secured for 2016/17.

• Equality Impact Assessments undertaken where budget reductions proposed

• Financial Planning Strategy was presented to all councillors

5 5 25 • Financial planning for both revenue and capital funding being progressed by Administration Group for future years having regard to council priorities and known and projected budget reductions.

• CMT to continue regular meetings with SNP group to discuss strategic issues including the financial plan

• The financial planning strategy identifies the importance of community engagement and given the scale of further budget and service reductions required: a significant amount of work needs to be progressed during 2016/17 to engage with communities.

CMT/ HOFS

2.2 Sound resource management is not

• Failure to meet statutory

5 5 25 • Financial Regulations. • Budget monitoring.

4 4 16 • Service budget monitoring and

CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 7


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

exercised.

obligations and business objectives.

• Pressure on budgets increases.

• Inefficient and ineffective use of resources adversely affects delivery of critical services.

• Criticism from external audit.

• Poor publicity and adverse effect on the Council's reputation

• Budget Manager training.

• Annual internal audit programme.

• External audit. • Asset Management

Working Group • Longer term pressures

highlighted in Financial Plan – key issues: PPP, Inflation, Demand for Care Services. Zero Waste Management Plan Office accommodation rationalised Energy monitoring in place Regular quarterly reporting on procurement initiatives including procurement forum established for CMT/SMT

restrictions on spend where possible.

• Efficiency Savings Monitoring and identification of further efficiency savings.

• Reports on budget pressures identify issues and risks for management and political review.

• CMT monitor budget pressures quarterly

• Liaison with partners to mitigate risks of reduction in opportunities to secure external funding

• Manage outcomes from strategic reviews of leisure services

CD(CS) CD(CS) CMT CMT CMT

2.3 Rationalisation of services and financial climate affects probity

• Greater risk of fraud /theft being perpetrated against the Council.

4 4 16 • Financial control environment

• Anti Fraud policy reviewed and updated

• Assurance reports from external/internal

3 3 9 • Corporate fraud initiatives being developed as a consequence of welfare reform staffing changes

CD(CS) CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 8


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

audit • Integrity group

established and promoted through staff team talk

• Positive outcomes from National Fraud Initiative provides assurances on quality of data held in main council systems

CD(CS)

2.4 Savings requiring to be made by Community Planning Partners adversely impact on Council services and budgets

• Savings impact more severely on one group in the Community.

• Partner savings require Council to re-assess service provision to reduce impact.

5 4 20 • Agreement from partners to share budget savings proposals secured.

• Consolidated budgets developed at high level

• Budget implications regularly discussed at Community Planning Officer Group meetings

3 3 9 • Continue to monitor risks re. aggregation of budgets for jointly delivered projects; specifically health and social care integration.

•

CMT

3. Human Resources (People) Risks 3.1 Inability to recruit

and retain well qualified and experienced staff.

• Rationalisation of workforce leads to loss of essential experience, expertise and 'corporate memory'.

• Lack of specialist staff in certain disciplines degrades the

5 4 20 • Corporate Workforce Plan is in place.

• Key posts being identified for succession planning and recruitment purposes.

• . • Management

competencies developed

5

4

20 • Workforce plan to continue to be reviewed on an annual basis to reflect corporate priorities

• Conclusions from Workforce Culture working party being actioned

• Continue activity to address specific recruitment and retention

CD(CS) CD(CS) CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 9


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Council's ability to provide essential services and good customer service.

• Standards of service, control and governance may be adversely affected

• Staff morale may be adversely affected

• Leadership Development Programme launched.

• Bullying and harassment survey completed

• ‘Transform’ process in place to mitigate future impacts on staff of organisational change

issues across services.

3.2 Staff are unprepared for change and do not have the skills competencies or experience to meet future requirements

• Inability to meet the demands of local government of the future and ensure secure continuous improvement of services

3 5 15 • Employee Review & Development Programme / PRD/Performance Management Change Management plans and consultation,

• Preparation and support for managers dealing with change, including application of Moray Management Methods

• Workload pressures on staff being closely monitored.

3 3 9 • Manage vacancies having regard to skills and competencies of current employees as far as practicable

• Corporate training initiative launched to provide virtual modular learning opportunities for staff

• Reinvigorate ERDP process to ensure consistent approach across services

CD(CS)

3.3 Staff engagement is not effective at improving (or

• Reduction in staff productivity and enthusiasm

4 4 16 • Leadership and management development

3 3 9 • Continue to develop employee engagement programme in response

CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 10


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

sustaining) morale and motivation

• Additional management time to resolve issues

programme in place and being developed including resilience training. • Employee

communications; Connect newsletter, staff surveys

• Employee Engagement Programme, including employee conferences and CMT visits and Team Talks

• Health and Work Policy.

• Culture Group established to deal with issues arising from staff surveys

• Targeted support for services with higher than average absence levels.

• Trade Union and Information and Consultation Forums in place.

to feedback and experience

• Implementation of revised health and work policy and targets to be scrutinised for effectiveness

•

3.4 Inadequate management of health and safety

• Injuries or death sustained by individuals;

4 5 20 • Individual Departmental policies/strategies/

2 5 10 • Continued development & enhancement of current safety management

CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 11


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

risks affecting employees, service users or members of the public.

• Senior managers liable to prosecution;

• Council subject to litigation and compensation claims;

• Damage to Council's reputation.

guidelines • Improved internet

access to Health and Safety guidance

• Improved reporting to CMT/Committee, including annual report

• Team talk issued to all staff re-iterating the importance of compliance with Health and Safety rules.

• CMT consider action plan for Health and Safety at six monthly intervals

system. • Continue H&S audits of

safety management culture within the Council as part of rolling planned programme.

• Continued promotion of effective risk assessment processes and zero tolerance approach to safety breaches.

• Health and wellbeing support being developed

• Review of regulations for drivers pending dependent on outcomes from Glasgow enquiry.

4. Regulatory Risks 4.1 Good governance

requirements are not met.

• Inability to demonstrate good governance

4 4 16 • Governance Statement prepared and published annually.

• Strategic plans and vision updated and approved by Council.

• Senior management structures revised.

•

3 3 9 • Governance monitoring continues by CMT, Chief Officers, Monitoring Officer and audit and scrutiny bodies, all in accordance with agreed plans.

• Pro-active management response to issues raised in inspection reports.

• Governance arrangements to be reviewed for any future relationships with arm’s

CMT CD (E&SC)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 12


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

length external organisations.

• New national governance guidance for public sector bodies to be used to assess council’s current arrangements

CD(CS)

5. Environmental Risks 5.1 Wider flooding

issues adversely impacts on communities

• Risk to life and damage to property and possessions.

• Non-compliance with statutory duties

5 4 20 • Flood risk management plan prepared in draft with partners; Highland Council, SEPA and Scottish Water

• Development plan addresses climate change issues

5 3 15 • • Flood risk plan to be

considered and approved by ED & I Services Committee

• Plan to be formally published in June 2016

• Continued liaison with other agencies to mitigate as far as practicable surface water flooding risk.

CD(ED&I)

5.2 Ability to deal with unforeseen external emergencies or incidents is compromised by inadequate emergency planning and resilience

• Non-compliance with Civil Contingencies Act

• Resources not in place to enable appropriate response.

• Inability to provide support to other agencies and to the community

3 5 15 • Council part of North of Scotland Regional Resilience Partnership and Grampian Partnership

• Emergency Planner based in Moray

• Emergency Response Co-ordinators and admin support staff identified and trained.

3 3 9 • Develop programme of exercises to test resilience under new partnership arrangements.

• Audit of scope and coverage of business continuity plans proposed

CE

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 13


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

• Council coordination centre identified and operational

• Lead officer identified for each SCG and Moray Emergency Plan.

• Rest centre managers recruited, trained and procedures in place

• Local Response plans in place identify emergency response roles, supplemented with additional protocols where required.

• Plans for specific emergencies or issues, e.g. Flooding, Oil Pollution, Welfare arrangements in place.

• Crisis communications secured.

6. Reputational Risks 6.1 Council decisions

result in litigation /judicial review

• Unanticipated costs • Censure • Adverse media

coverage

3 3 9 • Suite of financial, regulatory and governance controls in place

3 3 9 • Risks to be fully explained in decision making reports where there is a likely impact on service delivery.

CMT/ CE

6.2 Expectations from external inspections are not met

• Censure • Adverse media

coverage

3 5 15 • Preparations for inspections to be reported to CMT for

3 3 9 • Continued monitoring by CMT of service outcomes reported

CMT CE

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 14


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

• Intervention initial assessment. • CMT overview of action

plan points to ensure effective implementation.

through self assessment and external inspection processes.

6.3 Corporate Customer Pledge standards are not achieved

• Criticism of services cannot be referenced to consistent standards applicable across Council services

5 4 20 • New customer charter has introduced Customer Pledge with common service standards across the council

• Customer focus strategy has set out 7 actions to improve customer engagement and provide a consistent experience across services

• Formal complaints procedure in place

• Performance management reporting framework updated

• Annual Report on Customer Satisfaction and Complaints prepared

4 4 16 • Customer focus strategy to be monitored Rationalise volume of measures on performance management to match available resources

SMT CMT CD (ED&I)

7. Operational Continuity and Performance Risk

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 15


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

7.1

Council performance falls below acceptable level for a sustained period.

• Vulnerable service users at risk.

• Performance against targets reduced affecting external inspection.

• Reductions in other services required to balance budgetary pressures.

• Damage to the Council’s reputation.

4 5 20 • Performance Management Framework

• Budget Monitoring. • Human Resources

support for organisational change, workforce development and developing leadership capacity being developed under workforce planning to mitigate this risk.

• Approach to service planning amended following review

3 4 12 • Review and address performance measures where a diminution in service is apparent.

• CMT managing workload pressures as part of budget process

CMT CMT

7.2 Our ability to deal competently with unforeseen events is compromised by inadequate business continuity planning and resilience

• Lack of consistent methodology to identify “critical” or “key” services

• Contingency plans not in place to maintain critical business activities.

• Non-compliance with Civil Contingencies Act

• Resources not available at the right time and right place to restore key services within

4 4 16 • Business Continuity Management Policy In place

• Business Impact Analysis process carried out across all Council services

• Business continuity plans being developed commensurate with assessed risk for key services to meet civil contingencies act requirements

• List of critical

4 3 12 • Align business continuity plans with risk management processes

• Management teams to continue to review risks and take action to mitigate them where possible.

• Business Continuity Plans tested and reviewed regularly

•

CMT

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 16


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

the necessary timescale

• Damage to Council’s reputation.

functions agreed by Corporate Management Team

• Risk registers maintained and monitored for all services

7.3 The introduction of significant changes in working practices has the potential to cause major disruption to service delivery.

• Staff are unable to use new systems due to lack of training or resistance to change. Critical functions may not be sustained.

• Loss of reputation • Morale and

motivation of staff may suffer if change is not managed

• Customers, clients, the public and other stakeholders could be adversely affected.

4 4 16 • Training • project management • Change management

plan and procedures in place.

• Continue monitoring of major project milestones by CMT and appropriate committees.

3 3 9 • Continuing to manage project and address issues as they arise.

• Proposals being developed for a new corporate management office function

CMT/ SMT

8. IT risks 8.1 Major disruption in

continuity of ICT operations.

• Disruption to a number of operational areas at a location and possible knock-on effect at other locations;

4 5 20 • ICT Action Plan. • Computer Use Policy. • Disaster Recovery

Plans. • Business continuity

2 5 10 • Finalise ICT Business Continuity Plan

• Monitor resource implications necessary to maintain PSN

CD(CS)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 17


No.

RISK Threat to




place


proposed

Ris

k O

wne

r

Like

li-ho

od

Impa

ct

Ris

k sc

ore

Like

li-ho

od

Impa

ct

Ris

k sc

ore

• Adverse effect on essential services.

plans tested and reviewed regularly.

• Main financial systems taken in-house to strengthen continuity arrangements

• Public service network (PSN) accreditation secured

accreditation

8.2 Data security is compromised

• Reputation is damaged

• Financial loss • Loss of personal

data • External censure

5 5 25 • Corporate IS policy • Guidance issued to

staff • Senior Information Risk

Officer appointed • Data control enhanced

through use of Active Directory storage and remote access to Council network.

• Guidance on effective data security measures issued to staff

3 5 15 • Information Assurance Group meets quarterly to consider data and records management issues

• ICT service plans continue to address data security issues relative to new ways of working.

• System controls to be reviewed and developed as part of the plans for expansion of digital services

CD(CS)

(tba)

kirsten.ferguson

Typewritten Text

ITEM: 8 PAGE: 18

Documents

THE MORAY COUNCIL CORPORATE RISK REGISTER Appendix... · Council corporate plan in place running through to 2017 linking the Moray 2023 plan with the council’s service planning